1/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58/* ==================================================================== 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 112#include <stdio.h> 113#include <stdlib.h> 114#define USE_SOCKETS 115#define NON_MAIN 116#include "apps.h" 117#undef NON_MAIN 118#undef USE_SOCKETS 119#include <openssl/err.h> 120#include <openssl/rand.h> 121#include <openssl/x509.h> 122#include <openssl/ssl.h> 123#include "s_apps.h" 124 125#define COOKIE_SECRET_LENGTH 16 126 127int verify_depth=0; 128int verify_error=X509_V_OK; 129int verify_return_error=0; 130unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; 131int cookie_initialized=0; 132 133int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) 134 { 135 X509 *err_cert; 136 int err,depth; 137 138 err_cert=X509_STORE_CTX_get_current_cert(ctx); 139 err= X509_STORE_CTX_get_error(ctx); 140 depth= X509_STORE_CTX_get_error_depth(ctx); 141 142 BIO_printf(bio_err,"depth=%d ",depth); 143 if (err_cert) 144 { 145 X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), 146 0, XN_FLAG_ONELINE); 147 BIO_puts(bio_err, "\n"); 148 } 149 else 150 BIO_puts(bio_err, "<no cert>\n"); 151 if (!ok) 152 { 153 BIO_printf(bio_err,"verify error:num=%d:%s\n",err, 154 X509_verify_cert_error_string(err)); 155 if (verify_depth >= depth) 156 { 157 if (!verify_return_error) 158 ok=1; 159 verify_error=X509_V_OK; 160 } 161 else 162 { 163 ok=0; 164 verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; 165 } 166 } 167 switch (err) 168 { 169 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 170 BIO_puts(bio_err,"issuer= "); 171 X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), 172 0, XN_FLAG_ONELINE); 173 BIO_puts(bio_err, "\n"); 174 break; 175 case X509_V_ERR_CERT_NOT_YET_VALID: 176 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 177 BIO_printf(bio_err,"notBefore="); 178 ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert)); 179 BIO_printf(bio_err,"\n"); 180 break; 181 case X509_V_ERR_CERT_HAS_EXPIRED: 182 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 183 BIO_printf(bio_err,"notAfter="); 184 ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert)); 185 BIO_printf(bio_err,"\n"); 186 break; 187 case X509_V_ERR_NO_EXPLICIT_POLICY: 188 policies_print(bio_err, ctx); 189 break; 190 } 191 if (err == X509_V_OK && ok == 2) 192 policies_print(bio_err, ctx); 193 194 BIO_printf(bio_err,"verify return:%d\n",ok); 195 return(ok); 196 } 197 198int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) 199 { 200 if (cert_file != NULL) 201 { 202 /* 203 SSL *ssl; 204 X509 *x509; 205 */ 206 207 if (SSL_CTX_use_certificate_file(ctx,cert_file, 208 SSL_FILETYPE_PEM) <= 0) 209 { 210 BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file); 211 ERR_print_errors(bio_err); 212 return(0); 213 } 214 if (key_file == NULL) key_file=cert_file; 215 if (SSL_CTX_use_PrivateKey_file(ctx,key_file, 216 SSL_FILETYPE_PEM) <= 0) 217 { 218 BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file); 219 ERR_print_errors(bio_err); 220 return(0); 221 } 222 223 /* 224 In theory this is no longer needed 225 ssl=SSL_new(ctx); 226 x509=SSL_get_certificate(ssl); 227 228 if (x509 != NULL) { 229 EVP_PKEY *pktmp; 230 pktmp = X509_get_pubkey(x509); 231 EVP_PKEY_copy_parameters(pktmp, 232 SSL_get_privatekey(ssl)); 233 EVP_PKEY_free(pktmp); 234 } 235 SSL_free(ssl); 236 */ 237 238 /* If we are using DSA, we can copy the parameters from 239 * the private key */ 240 241 242 /* Now we know that a key and cert have been set against 243 * the SSL context */ 244 if (!SSL_CTX_check_private_key(ctx)) 245 { 246 BIO_printf(bio_err,"Private key does not match the certificate public key\n"); 247 return(0); 248 } 249 } 250 return(1); 251 } 252 253int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) 254 { 255 if (cert == NULL) 256 return 1; 257 if (SSL_CTX_use_certificate(ctx,cert) <= 0) 258 { 259 BIO_printf(bio_err,"error setting certificate\n"); 260 ERR_print_errors(bio_err); 261 return 0; 262 } 263 if (SSL_CTX_use_PrivateKey(ctx,key) <= 0) 264 { 265 BIO_printf(bio_err,"error setting private key\n"); 266 ERR_print_errors(bio_err); 267 return 0; 268 } 269 270 271 /* Now we know that a key and cert have been set against 272 * the SSL context */ 273 if (!SSL_CTX_check_private_key(ctx)) 274 { 275 BIO_printf(bio_err,"Private key does not match the certificate public key\n"); 276 return 0; 277 } 278 return 1; 279 } 280 281long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, 282 int argi, long argl, long ret) 283 { 284 BIO *out; 285 286 out=(BIO *)BIO_get_callback_arg(bio); 287 if (out == NULL) return(ret); 288 289 if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) 290 { 291 BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n", 292 (void *)bio,argp,(unsigned long)argi,ret,ret); 293 BIO_dump(out,argp,(int)ret); 294 return(ret); 295 } 296 else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) 297 { 298 BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n", 299 (void *)bio,argp,(unsigned long)argi,ret,ret); 300 BIO_dump(out,argp,(int)ret); 301 } 302 return(ret); 303 } 304 305void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) 306 { 307 const char *str; 308 int w; 309 310 w=where& ~SSL_ST_MASK; 311 312 if (w & SSL_ST_CONNECT) str="SSL_connect"; 313 else if (w & SSL_ST_ACCEPT) str="SSL_accept"; 314 else str="undefined"; 315 316 if (where & SSL_CB_LOOP) 317 { 318 BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s)); 319 } 320 else if (where & SSL_CB_ALERT) 321 { 322 str=(where & SSL_CB_READ)?"read":"write"; 323 BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n", 324 str, 325 SSL_alert_type_string_long(ret), 326 SSL_alert_desc_string_long(ret)); 327 } 328 else if (where & SSL_CB_EXIT) 329 { 330 if (ret == 0) 331 BIO_printf(bio_err,"%s:failed in %s\n", 332 str,SSL_state_string_long(s)); 333 else if (ret < 0) 334 { 335 BIO_printf(bio_err,"%s:error in %s\n", 336 str,SSL_state_string_long(s)); 337 } 338 } 339 } 340 341 342void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) 343 { 344 BIO *bio = arg; 345 const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= ""; 346 347 str_write_p = write_p ? ">>>" : "<<<"; 348 349 switch (version) 350 { 351 case SSL2_VERSION: 352 str_version = "SSL 2.0"; 353 break; 354 case SSL3_VERSION: 355 str_version = "SSL 3.0 "; 356 break; 357 case TLS1_VERSION: 358 str_version = "TLS 1.0 "; 359 break; 360 case TLS1_1_VERSION: 361 str_version = "TLS 1.1 "; 362 break; 363 case TLS1_2_VERSION: 364 str_version = "TLS 1.2 "; 365 break; 366 case DTLS1_VERSION: 367 str_version = "DTLS 1.0 "; 368 break; 369 case DTLS1_BAD_VER: 370 str_version = "DTLS 1.0 (bad) "; 371 break; 372 default: 373 str_version = "???"; 374 } 375 376 if (version == SSL2_VERSION) 377 { 378 str_details1 = "???"; 379 380 if (len > 0) 381 { 382 switch (((const unsigned char*)buf)[0]) 383 { 384 case 0: 385 str_details1 = ", ERROR:"; 386 str_details2 = " ???"; 387 if (len >= 3) 388 { 389 unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2]; 390 391 switch (err) 392 { 393 case 0x0001: 394 str_details2 = " NO-CIPHER-ERROR"; 395 break; 396 case 0x0002: 397 str_details2 = " NO-CERTIFICATE-ERROR"; 398 break; 399 case 0x0004: 400 str_details2 = " BAD-CERTIFICATE-ERROR"; 401 break; 402 case 0x0006: 403 str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; 404 break; 405 } 406 } 407 408 break; 409 case 1: 410 str_details1 = ", CLIENT-HELLO"; 411 break; 412 case 2: 413 str_details1 = ", CLIENT-MASTER-KEY"; 414 break; 415 case 3: 416 str_details1 = ", CLIENT-FINISHED"; 417 break; 418 case 4: 419 str_details1 = ", SERVER-HELLO"; 420 break; 421 case 5: 422 str_details1 = ", SERVER-VERIFY"; 423 break; 424 case 6: 425 str_details1 = ", SERVER-FINISHED"; 426 break; 427 case 7: 428 str_details1 = ", REQUEST-CERTIFICATE"; 429 break; 430 case 8: 431 str_details1 = ", CLIENT-CERTIFICATE"; 432 break; 433 } 434 } 435 } 436 437 if (version == SSL3_VERSION || 438 version == TLS1_VERSION || 439 version == DTLS1_VERSION || 440 version == DTLS1_BAD_VER) 441 { 442 switch (content_type) 443 { 444 case 20: 445 str_content_type = "ChangeCipherSpec"; 446 break; 447 case 21: 448 str_content_type = "Alert"; 449 break; 450 case 22: 451 str_content_type = "Handshake"; 452 break; 453 } 454 455 if (content_type == 21) /* Alert */ 456 { 457 str_details1 = ", ???"; 458 459 if (len == 2) 460 { 461 switch (((const unsigned char*)buf)[0]) 462 { 463 case 1: 464 str_details1 = ", warning"; 465 break; 466 case 2: 467 str_details1 = ", fatal"; 468 break; 469 } 470 471 str_details2 = " ???"; 472 switch (((const unsigned char*)buf)[1]) 473 { 474 case 0: 475 str_details2 = " close_notify"; 476 break; 477 case 10: 478 str_details2 = " unexpected_message"; 479 break; 480 case 20: 481 str_details2 = " bad_record_mac"; 482 break; 483 case 21: 484 str_details2 = " decryption_failed"; 485 break; 486 case 22: 487 str_details2 = " record_overflow"; 488 break; 489 case 30: 490 str_details2 = " decompression_failure"; 491 break; 492 case 40: 493 str_details2 = " handshake_failure"; 494 break; 495 case 42: 496 str_details2 = " bad_certificate"; 497 break; 498 case 43: 499 str_details2 = " unsupported_certificate"; 500 break; 501 case 44: 502 str_details2 = " certificate_revoked"; 503 break; 504 case 45: 505 str_details2 = " certificate_expired"; 506 break; 507 case 46: 508 str_details2 = " certificate_unknown"; 509 break; 510 case 47: 511 str_details2 = " illegal_parameter"; 512 break; 513 case 48: 514 str_details2 = " unknown_ca"; 515 break; 516 case 49: 517 str_details2 = " access_denied"; 518 break; 519 case 50: 520 str_details2 = " decode_error"; 521 break; 522 case 51: 523 str_details2 = " decrypt_error"; 524 break; 525 case 60: 526 str_details2 = " export_restriction"; 527 break; 528 case 70: 529 str_details2 = " protocol_version"; 530 break; 531 case 71: 532 str_details2 = " insufficient_security"; 533 break; 534 case 80: 535 str_details2 = " internal_error"; 536 break; 537 case 90: 538 str_details2 = " user_canceled"; 539 break; 540 case 100: 541 str_details2 = " no_renegotiation"; 542 break; 543 case 110: 544 str_details2 = " unsupported_extension"; 545 break; 546 case 111: 547 str_details2 = " certificate_unobtainable"; 548 break; 549 case 112: 550 str_details2 = " unrecognized_name"; 551 break; 552 case 113: 553 str_details2 = " bad_certificate_status_response"; 554 break; 555 case 114: 556 str_details2 = " bad_certificate_hash_value"; 557 break; 558 case 115: 559 str_details2 = " unknown_psk_identity"; 560 break; 561 } 562 } 563 } 564 565 if (content_type == 22) /* Handshake */ 566 { 567 str_details1 = "???"; 568 569 if (len > 0) 570 { 571 switch (((const unsigned char*)buf)[0]) 572 { 573 case 0: 574 str_details1 = ", HelloRequest"; 575 break; 576 case 1: 577 str_details1 = ", ClientHello"; 578 break; 579 case 2: 580 str_details1 = ", ServerHello"; 581 break; 582 case 3: 583 str_details1 = ", HelloVerifyRequest"; 584 break; 585 case 11: 586 str_details1 = ", Certificate"; 587 break; 588 case 12: 589 str_details1 = ", ServerKeyExchange"; 590 break; 591 case 13: 592 str_details1 = ", CertificateRequest"; 593 break; 594 case 14: 595 str_details1 = ", ServerHelloDone"; 596 break; 597 case 15: 598 str_details1 = ", CertificateVerify"; 599 break; 600 case 16: 601 str_details1 = ", ClientKeyExchange"; 602 break; 603 case 20: 604 str_details1 = ", Finished"; 605 break; 606 } 607 } 608 } 609 610#ifndef OPENSSL_NO_HEARTBEATS 611 if (content_type == 24) /* Heartbeat */ 612 { 613 str_details1 = ", Heartbeat"; 614 615 if (len > 0) 616 { 617 switch (((const unsigned char*)buf)[0]) 618 { 619 case 1: 620 str_details1 = ", HeartbeatRequest"; 621 break; 622 case 2: 623 str_details1 = ", HeartbeatResponse"; 624 break; 625 } 626 } 627 } 628#endif 629 } 630 631 BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2); 632 633 if (len > 0) 634 { 635 size_t num, i; 636 637 BIO_printf(bio, " "); 638 num = len; 639#if 0 640 if (num > 16) 641 num = 16; 642#endif 643 for (i = 0; i < num; i++) 644 { 645 if (i % 16 == 0 && i > 0) 646 BIO_printf(bio, "\n "); 647 BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]); 648 } 649 if (i < len) 650 BIO_printf(bio, " ..."); 651 BIO_printf(bio, "\n"); 652 } 653 (void)BIO_flush(bio); 654 } 655 656void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, 657 unsigned char *data, int len, 658 void *arg) 659 { 660 BIO *bio = arg; 661 char *extname; 662 663 switch(type) 664 { 665 case TLSEXT_TYPE_server_name: 666 extname = "server name"; 667 break; 668 669 case TLSEXT_TYPE_max_fragment_length: 670 extname = "max fragment length"; 671 break; 672 673 case TLSEXT_TYPE_client_certificate_url: 674 extname = "client certificate URL"; 675 break; 676 677 case TLSEXT_TYPE_trusted_ca_keys: 678 extname = "trusted CA keys"; 679 break; 680 681 case TLSEXT_TYPE_truncated_hmac: 682 extname = "truncated HMAC"; 683 break; 684 685 case TLSEXT_TYPE_status_request: 686 extname = "status request"; 687 break; 688 689 case TLSEXT_TYPE_user_mapping: 690 extname = "user mapping"; 691 break; 692 693 case TLSEXT_TYPE_client_authz: 694 extname = "client authz"; 695 break; 696 697 case TLSEXT_TYPE_server_authz: 698 extname = "server authz"; 699 break; 700 701 case TLSEXT_TYPE_cert_type: 702 extname = "cert type"; 703 break; 704 705 case TLSEXT_TYPE_elliptic_curves: 706 extname = "elliptic curves"; 707 break; 708 709 case TLSEXT_TYPE_ec_point_formats: 710 extname = "EC point formats"; 711 break; 712 713 case TLSEXT_TYPE_srp: 714 extname = "SRP"; 715 break; 716 717 case TLSEXT_TYPE_signature_algorithms: 718 extname = "signature algorithms"; 719 break; 720 721 case TLSEXT_TYPE_use_srtp: 722 extname = "use SRTP"; 723 break; 724 725 case TLSEXT_TYPE_heartbeat: 726 extname = "heartbeat"; 727 break; 728 729 case TLSEXT_TYPE_session_ticket: 730 extname = "session ticket"; 731 break; 732 733 case TLSEXT_TYPE_renegotiate: 734 extname = "renegotiation info"; 735 break; 736 737#ifdef TLSEXT_TYPE_opaque_prf_input 738 case TLSEXT_TYPE_opaque_prf_input: 739 extname = "opaque PRF input"; 740 break; 741#endif 742#ifdef TLSEXT_TYPE_next_proto_neg 743 case TLSEXT_TYPE_next_proto_neg: 744 extname = "next protocol"; 745 break; 746#endif 747 748 default: 749 extname = "unknown"; 750 break; 751 752 } 753 754 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", 755 client_server ? "server": "client", 756 extname, type, len); 757 BIO_dump(bio, (char *)data, len); 758 (void)BIO_flush(bio); 759 } 760 761int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) 762 { 763 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 764 unsigned int length, resultlength; 765 union { 766 struct sockaddr sa; 767 struct sockaddr_in s4; 768#if OPENSSL_USE_IPV6 769 struct sockaddr_in6 s6; 770#endif 771 } peer; 772 773 /* Initialize a random secret */ 774 if (!cookie_initialized) 775 { 776 if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) 777 { 778 BIO_printf(bio_err,"error setting random cookie secret\n"); 779 return 0; 780 } 781 cookie_initialized = 1; 782 } 783 784 /* Read peer information */ 785 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 786 787 /* Create buffer with peer's address and port */ 788 length = 0; 789 switch (peer.sa.sa_family) 790 { 791 case AF_INET: 792 length += sizeof(struct in_addr); 793 length += sizeof(peer.s4.sin_port); 794 break; 795#if OPENSSL_USE_IPV6 796 case AF_INET6: 797 length += sizeof(struct in6_addr); 798 length += sizeof(peer.s6.sin6_port); 799 break; 800#endif 801 default: 802 OPENSSL_assert(0); 803 break; 804 } 805 buffer = OPENSSL_malloc(length); 806 807 if (buffer == NULL) 808 { 809 BIO_printf(bio_err,"out of memory\n"); 810 return 0; 811 } 812 813 switch (peer.sa.sa_family) 814 { 815 case AF_INET: 816 memcpy(buffer, 817 &peer.s4.sin_port, 818 sizeof(peer.s4.sin_port)); 819 memcpy(buffer + sizeof(peer.s4.sin_port), 820 &peer.s4.sin_addr, 821 sizeof(struct in_addr)); 822 break; 823#if OPENSSL_USE_IPV6 824 case AF_INET6: 825 memcpy(buffer, 826 &peer.s6.sin6_port, 827 sizeof(peer.s6.sin6_port)); 828 memcpy(buffer + sizeof(peer.s6.sin6_port), 829 &peer.s6.sin6_addr, 830 sizeof(struct in6_addr)); 831 break; 832#endif 833 default: 834 OPENSSL_assert(0); 835 break; 836 } 837 838 /* Calculate HMAC of buffer using the secret */ 839 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 840 buffer, length, result, &resultlength); 841 OPENSSL_free(buffer); 842 843 memcpy(cookie, result, resultlength); 844 *cookie_len = resultlength; 845 846 return 1; 847 } 848 849int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) 850 { 851 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 852 unsigned int length, resultlength; 853 union { 854 struct sockaddr sa; 855 struct sockaddr_in s4; 856#if OPENSSL_USE_IPV6 857 struct sockaddr_in6 s6; 858#endif 859 } peer; 860 861 /* If secret isn't initialized yet, the cookie can't be valid */ 862 if (!cookie_initialized) 863 return 0; 864 865 /* Read peer information */ 866 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 867 868 /* Create buffer with peer's address and port */ 869 length = 0; 870 switch (peer.sa.sa_family) 871 { 872 case AF_INET: 873 length += sizeof(struct in_addr); 874 length += sizeof(peer.s4.sin_port); 875 break; 876#if OPENSSL_USE_IPV6 877 case AF_INET6: 878 length += sizeof(struct in6_addr); 879 length += sizeof(peer.s6.sin6_port); 880 break; 881#endif 882 default: 883 OPENSSL_assert(0); 884 break; 885 } 886 buffer = OPENSSL_malloc(length); 887 888 if (buffer == NULL) 889 { 890 BIO_printf(bio_err,"out of memory\n"); 891 return 0; 892 } 893 894 switch (peer.sa.sa_family) 895 { 896 case AF_INET: 897 memcpy(buffer, 898 &peer.s4.sin_port, 899 sizeof(peer.s4.sin_port)); 900 memcpy(buffer + sizeof(peer.s4.sin_port), 901 &peer.s4.sin_addr, 902 sizeof(struct in_addr)); 903 break; 904#if OPENSSL_USE_IPV6 905 case AF_INET6: 906 memcpy(buffer, 907 &peer.s6.sin6_port, 908 sizeof(peer.s6.sin6_port)); 909 memcpy(buffer + sizeof(peer.s6.sin6_port), 910 &peer.s6.sin6_addr, 911 sizeof(struct in6_addr)); 912 break; 913#endif 914 default: 915 OPENSSL_assert(0); 916 break; 917 } 918 919 /* Calculate HMAC of buffer using the secret */ 920 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 921 buffer, length, result, &resultlength); 922 OPENSSL_free(buffer); 923 924 if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0) 925 return 1; 926 927 return 0; 928 } 929